SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach. The list was hosted on “Customers” page of the company’s website and is easily accessible through its Google cache. But the page has been deleted from the site itself, suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity. Google’s cache shows that the page was still live as of Monday morning (roughly 11AM ET). SolarWinds did not respond to a request for clarification.
SolarWinds is still reeling from an extensive Russia-linked hack reported on Sunday, which affected a range of government agencies and private corporations. The hack was reportedly executed by compromising SolarWinds’ Orion IT product, using Orion’s update system to deploy malicious code. As organizations scramble to determine who may have been vulnerable to the hack, the list of organizations using Orion IT is the best guide many have.
“Many agencies don’t know how on fire they are yet”
The list of vulnerable companies is much smaller than SolarWinds’ overall client list, so simply appearing on the list doesn’t mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000. Out of that 33,000, the company estimates that fewer than 18,000 were directly impacted by a malicious update, and the list of directly targeted companies is likely even smaller. Still, there is much about the attack that remains unknown, and it is possible that additional compromises have yet to be discovered.
SolarWinds’ overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States. In an article on Monday, The New York Times cited a number of organizations as vulnerable that are not cited on the public client page, including Boeing and Los Alamos National Laboratory.
Other organizations have been cagey about their own exposure, even within the federal government. Several news outlets have reported that the breach affected the Department of Homeland Security, but the department has not made any official statement regarding its exposure.
The chaos has been exacerbated by the recent departure of federal cybersecurity executive Christopher Krebs, who was fired as director of the Cyber and Infrastructure Security Agency (CISA) after contradicting President Trump’s groundless claims of election interference.
According to a Politico report, the growing scope of the crisis has pushed CISA’s resources to the breaking point. As one official told Politico, “many agencies don’t know how on fire they are yet.”